Apple .Mac customers targeted for fraud

Phishers apparently take advantage of the difficulties that occurred when Apple transitioned users from .Mac to Mobile Me service last month.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Robert Vamosi
2 min read

When Apple rolled out its Mobile Me service last month, it provided phishers with a golden opportunity to scam users of .Mac, according to a credit card protection service.

"We confirmed this," said Dan Clements, vice president at Affinion Group, the company that owns Card Cops. "...We called some of the .Mac users" found on a trading site used by the Internet underground.

Card Cops includes among its customers major banks worldwide. For the last eight years, the group has been helping its clients and law enforcement track down those who are trading personal information online.

Clements said his company routinely examines caches of "full profiles," meaning the files contained the social security numbers, birth dates, mothers' maiden names, and credit card numbers from customers of savvy users that were tricked. He said one day there was a "disproportionate amount of what we usually see" of victims using the .Mac e-mail address.

Of the 300 profiles provided to CNET News, more than 100 had .mac addresses.

"The attack looked very realistic; the graphics were well done," said Clements, and this snared some sophisticated victims, he said. Some had businesses accounts with Apple "because their mother's maiden name was already on file."

One version of the e-mail solicitation included links to help set up your desktop, PC, iPhone, or iPod Touch. It also stated that Apple was "unable to process your most recent payment," and to "please update your billing information today" so your service is not interrupted. Victims then entered their personal information on a site that appeared to be hosted by Apple, but was actually overseas.

The .Mac phishing attack coincided with Apple's rollout of its Mobile Me service in early July. MobileMe lets Apple customers synchronize mail, calendars, contacts, photos, Safari bookmarks, Dashboard widgets, and more among Macs, the iPhone, and iPod Touch. However, all was not perfect; MobileMe experience too many glitches in the first few weeks of operation.

Clements agreed that Apple was also a victim here, but commented that the company might have been "more preemptive by saying what Apple was going to do" with the e-mail and also warn users to be careful of phishing attacks.

Apple did not provide a comment for this story.